AES 256 Ciphertext Length versus Input String length

Anuj Varma — Wed, 03 Dec 2025 04:01:39 +0000

AES Ciphertext Length Explanation

AES Ciphertext Length Explained

1⃣ AES Block Size

AES always operates on 128-bit blocks (16 bytes). The key size (128/192/256 bits) does not affect the block size.
AES encrypts data in multiples of 16 bytes.

2⃣ Padding

If your plaintext is not a multiple of 16 bytes, AES must pad it before encryption.

PKCS#7 padding is common
If plaintext = 20 bytes → pad with 12 bytes → total = 32 bytes
If plaintext = 32 bytes → add 16 bytes padding → total = 48 bytes

So the ciphertext length is usually ≥ plaintext length, rounded up to the next 16-byte block.

3⃣ Modes of Operation

Mode	Ciphertext length vs plaintext	Notes
ECB / CBC	Multiple of 16 bytes (padding applied)	Deterministic / requires IV for CBC
CTR / GCM	Same length as plaintext	Stream cipher mode, no padding needed
CFB / OFB	Same length as plaintext	Operates like a stream cipher

Note: CBC and ECB require padding → ciphertext may be longer. CTR, GCM, CFB, OFB → ciphertext = plaintext length (excluding authentication tag in GCM).

4⃣ Example

Plaintext: Hello world! (12 bytes)
AES-256-CBC → padded to 16 bytes → ciphertext = 16 bytes
AES-256-CTR → ciphertext = 12 bytes

Note: For AES-GCM, an authentication tag (usually 16 bytes) is appended to the ciphertext.

Summary

AES block size = 16 bytes, ciphertext = multiples of 16 bytes if using block modes with padding.
Stream modes (CTR/GCM) → ciphertext ≈ plaintext length (tag aside).

The post AES 256 Ciphertext Length versus Input String length appeared first on Anuj Varma, Hands-On Technology Architect, Clean Air Activist.